Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18 allows remote attackers to affect integrity and availability via unknown vectors.
Max CVSS
5.8
EPSS Score
0.74%
Published
2010-04-01
Updated
2018-10-10
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to Deployment.
Max CVSS
5.8
EPSS Score
0.46%
Published
2011-10-19
Updated
2022-05-13
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment.
Max CVSS
5.8
EPSS Score
85.93%
Published
2012-05-03
Updated
2022-05-13
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency.
Max CVSS
5.8
EPSS Score
0.59%
Published
2012-10-16
Updated
2022-05-13
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox.
Max CVSS
5.8
EPSS Score
0.40%
Published
2013-06-18
Updated
2022-05-13
Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted application.
Max CVSS
5.4
EPSS Score
0.45%
Published
2007-10-06
Updated
2018-10-30
Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Max CVSS
5.1
EPSS Score
2.82%
Published
2010-04-01
Updated
2018-10-30
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0088.
Max CVSS
5.1
EPSS Score
2.70%
Published
2010-04-01
Updated
2018-10-30
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Max CVSS
5.1
EPSS Score
2.85%
Published
2010-04-01
Updated
2018-10-10
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0095.
Max CVSS
5.1
EPSS Score
2.82%
Published
2010-04-01
Updated
2018-10-30
Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Max CVSS
5.1
EPSS Score
2.39%
Published
2010-04-01
Updated
2018-10-10
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.
Max CVSS
5.1
EPSS Score
2.13%
Published
2010-10-19
Updated
2018-10-30
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.
Max CVSS
5.1
EPSS Score
29.60%
Published
2010-10-19
Updated
2018-10-10
Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, and possibly other implementations that use vulnerable versions of SDK or JDK.
Max CVSS
5.0
EPSS Score
0.59%
Published
2002-03-15
Updated
2018-10-12
java.security.AccessController in Sun Java Virtual Machine (JVM) in JRE 1.2.2 and 1.3.1 allows remote attackers to cause a denial of service (JVM crash) via a Java program that calls the doPrivileged method with a null argument.
Max CVSS
5.0
EPSS Score
13.29%
Published
2002-12-31
Updated
2008-09-05
Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x before 1.5.0_06, and as used in multiple web browsers, allows remote attackers to cause a denial of service (application crash) via deeply nested object arrays, which are not properly handled by the garbage collector and trigger invalid memory accesses.
Max CVSS
5.0
EPSS Score
6.66%
Published
2003-12-31
Updated
2018-10-30
Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 through 1.4.2_03 allows remote attackers to cause a denial of service (virtual machine hang).
Max CVSS
5.0
EPSS Score
1.36%
Published
2004-08-06
Updated
2018-10-30
Integer overflow in the InitialDirContext in Java Runtime Environment (JRE) 1.4.2, 1.5.0 and possibly other versions allows remote attackers to cause a denial of service (Java exception and failed DNS requests) via a large number of DNS requests, which causes the xid variable to wrap around and become negative.
Max CVSS
5.0
EPSS Score
34.45%
Published
2004-12-31
Updated
2017-07-11
readObject in (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.0 through 1.4.2_05 allows remote attackers to cause a denial of service (JVM unresponsive) via crafted serialized data.
Max CVSS
5.0
EPSS Score
27.78%
Published
2004-12-31
Updated
2017-07-11
Sun Java JRE 1.1.x through 1.4.x writes temporary files with long filenames that become predictable on a file system that uses 8.3 style short names, which allows remote attackers to write arbitrary files to known locations and facilitates the exploitation of vulnerabilities in applications that rely on unpredictable file names.
Max CVSS
5.0
EPSS Score
0.46%
Published
2005-03-14
Updated
2017-07-11
Unspecified vulnerability in the Java Runtime Environment (JRE) Swing library in JDK and JRE 5.0 Update 7 and earlier allows attackers to obtain certain information via unknown attack vectors, related to an untrusted applet accessing data in other applets.
Max CVSS
5.0
EPSS Score
0.48%
Published
2006-11-21
Updated
2017-07-20
Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen.
Max CVSS
5.0
EPSS Score
1.54%
Published
2007-10-06
Updated
2018-10-30
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074.
Max CVSS
5.0
EPSS Score
1.19%
Published
2008-07-09
Updated
2018-10-30
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors, aka CR 6727079.
Max CVSS
5.0
EPSS Score
3.00%
Published
2008-12-05
Updated
2017-09-29
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071.
Max CVSS
5.0
EPSS Score
0.94%
Published
2008-12-05
Updated
2017-09-29
97 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!